Opera First-Generation Digital Certificate Spoofing

2005-04-12T14:12:40
ID OSVDB:15627
Type osvdb
Reporter GeoTrust
Modified 2005-04-12T14:12:40

Description

Vulnerability Description

The Opera web browser contains a flaw that may allow a malicious user to spoof web site SSL Organization Information and deceive users into believing the site belongs to an organization that it does not in fact belong to. The issue is triggered by a new web browser feature that displays the SSL Organizational Information next to the browser's SSL lock symbol. The Organizational Information contained within an SSL certificate is not intended to be unique, and it is possible that the flaw may allow a malicious website to pose as another and betray consumer trust, resulting in a loss of confidentiality.
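
Added example (not part of the original advisory): a Python sketch of why the Organization (O) field cannot identify a site, by grouping certificate subjects on O and reporting values shared by different hostnames. The certificate subjects, CA names and function names are constructed for illustration, and the parser handles only backslash-character escapes, not hex escapes.

```python
from collections import defaultdict


def parse_dn(dn):
    """Parse an RFC 4514-style DN string into {ATTR: [values]}.
    Simplification: only backslash-character escapes (e.g. "\\,") are handled."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)          # escaped character is taken literally
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":             # unescaped comma separates RDNs
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    attrs = defaultdict(list)
    for part in parts:
        key, _, value = part.partition("=")
        attrs[key.strip().upper()].append(value.strip())
    return attrs


def org_collisions(certs):
    """Return {organization: [(hostname, issuer_org), ...]} for every O value
    that appears on certificates for more than one hostname."""
    by_org = defaultdict(set)
    for subject, issuer in certs:
        subj = parse_dn(subject)
        issuer_org = parse_dn(issuer).get("O", ["?"])[0]
        for org in subj.get("O", []):
            for cn in subj.get("CN", []):
                by_org[org.casefold()].add((cn.lower(), issuer_org))
    return {org: sorted(sites) for org, sites in by_org.items()
            if len({cn for cn, _ in sites}) > 1}


# Constructed sample data: (subject DN, issuer DN) pairs, not real certificates.
SAMPLE_CERTS = [
    ("CN=www.example-bank.test,O=Example Bank\\, Inc.,L=Springfield,C=US",
     "CN=Constructed CA One,O=CA One,C=US"),
    ("CN=login.other-site.test,O=Example Bank\\, Inc.,L=Shelbyville,C=US",
     "CN=Constructed CA Two,O=CA Two,C=US"),
    ("CN=shop.example.test,O=Example Shop Ltd,C=GB",
     "CN=Constructed CA One,O=CA One,C=US"),
]

if __name__ == "__main__":
    for org, sites in org_collisions(SAMPLE_CERTS).items():
        print(f"O={org!r} is shown for {len(sites)} different hosts: {sites}")
```

The hostname is the value the browser actually checks against the certificate, so it is the one that distinguishes the two sites in the sample.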

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 15706
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_31_opera.html
Other Advisory URL: http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm
Generic Exploit URL: http://www.geotrust.com/resources/advisory/sslorg/index.htm
CVE-2005-1139
Bugtraq ID: 13176